Technical Analysis of a Novel IMEEX Framework
Oct. 14, 2024, 11:15 a.m.
Description
The IMEEX framework is a newly discovered, custom-built malware targeting Windows systems. Delivered as a 64-bit DLL, it offers extensive control over compromised machines, featuring execution of additional modules, file manipulation, process management, registry modification, and remote command execution. It primarily targets Djibouti and Afghanistan, gathering system information and communicating with its command-and-control server over encrypted channels. The framework employs advanced techniques like masquerading as legitimate processes, mutex creation, and encrypted communications to maintain persistence and evade detection. Its modular approach, robust capabilities, and potential infrastructure overlap with ShadowPad suggest an evolution in threat actor tactics.
Date
Published: Oct. 14, 2024, 10:57 a.m.
Created: Oct. 14, 2024, 10:57 a.m.
Modified: Oct. 14, 2024, 11:15 a.m.
Indicators
Attack Patterns
IMEEX
T1009
T1122
T1497
T1021
T1489
T1105
T1055
T1036
T1112
T1059
Additional Information
Djibouti
Afghanistan